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DETAILED ACTION 

1 . The instant application having Application No. 10566393 filed on 01/27/2006 is 
presented for examination by the examiner. 

Oath/Declaration 

2. The applicant's oath/declaration has been reviewed by the examiner and is found to 
conform to the requirements prescribed in 37 C.F.R. 1.63. 

Priority 

3. As required by M.P.E.P. 201.14(c), acknowledgement is made of applicant's claim for 
priority based on applications filed on July 29, 2003 (US Provisional 60/490, 687). 

Receipt is acknowledged of papers submitted under 35 U.S.C. 1 19(a)-(d), which papers 
have been placed of record in the file. 

However, to overcome a prior art rejection, applicant(s) must submit a translation of the 
foreign priority papers in order to perfect the claimed foreign priority because said papers has not 
been made of record in accordance with 37 CFR 1 .55. See MPEP § 201 . 15. 

Drawings 

4. The drawings are objected to because the term SSID at reference number 215, M, 235 
and so forth, on Figure 3 is not to be found in the specification. 

Appropriate correction is required. 
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Information Disclosure Statement 

5. The information disclosure statement (IDS) submitted on 01/27/2006. The submission is 
in compliance with the provisions of 37 CFR 1 .97. Accordingly, the information disclosure 
statement is being considered by the examiner. 

Abstract 

6. Applicant is reminded of the proper language and format for an abstract of the disclosure. 
The abstract should be in narrative form and generally limited to a single paragraph on a 

separate sheet within the range of 50 to 1 50 words. It is important that the abstract not exceed 
150 words in length since the space provided for the abstract on the computer tape used by the 
printer is limited. The form and legal phraseology often used in patent claims, such as "means" 
and "said," should be avoided. The abstract should describe the disclosure sufficiently to assist 
readers in deciding whether there is a need for consulting the full patent text for details. 

The language should be clear and concise and should not repeat information given in the 
title. It should avoid using phrases which can be implied, such as, "The disclosure concerns," 
"The disclosure defined by this invention," "The disclosure describes," etc. 

The abstract of the disclosure is objected to because the abstract is over the 150 words 
limitation. Correction is required. See MPEP § 608.01(b). 



Specification 



1. 



The disclosure is objected to because of the following informalities: on page 7, line 29; 
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page 9, line 4, line 10, line 13, and so forth, the term "session ID (SID)" appears to be "SSID" 
on the corresponding section of Fig. 3. 

Appropriate correction is required. 



Claim Rejections - 35 USC § 102 

8. The following is a quotation of the appropriate paragraphs of 35 U.S. C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public use or on 
sale in this country, more than one year prior to the date of application for patent in the United States. 

9. Claims 48-57 are rejected under 35 U.S.C. 102(b) as being anticipated by Levergood et 
al. (US 5708780) (hereinafter Levergood). 

As per claim 48 , Levergood discloses "a method for controlling network access, said 
method comprising:" (column 3, line 8-9, methods of processing service requests from a client to 
a server through a network) "receiving a re-directed request for network access via a message" 
(column 3, line 27-29, Levergood discloses that content server initiates the authorization routine 
by redirecting the client's request via URL) "transmitting a client identifier and unique data" 
(column 5, line 49-65, an SID provided from the authentication server to the client. The SID 
includes 22-bit user identifier, and other specific data) "and generating a web page including 
embedded data" (column 3, line 53-54, a modified URL appended with an SID). 

As per claim 49 , Levergood discloses "the method according to claim 48, wherein said 
unique data comprises a session identifier and a random number" (column 5, line 54-65, the 16 
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character ASCII string that encodes 96 bits of SID data. Since it is encoded the data includes a 
randomized number). 

As per claim 50 , Levergood discloses "the method according to claim 48, wherein said 
embedded data comprises a session identifier, a random number and authentication server 
selection information" (column 5, line 22-65, user redirects URL get request at 100 in Fig. 2A 
contains an SID. From line 54 to 64, Levergood discloses that the preferred SID is a sixteen 
character string that encodes 96 bit of SID data. It includes a 32-bit digital signature, a 2-bit key 
identifier, and a 22-bit user identifier etc. The 22-bit user identifier is considered as 
authentication parameters. The 16-bit ASCII string is considered as said unique data, and the 
authorized IP address is considered as session identifier). 

As per claim 51 , Levergood discloses "a system for controlling network access, 
comprising:" (column 3, line 8-9, methods of processing service requests from a client to a 
server through a network) "means for receiving a rc-directed request for network access via a 
message" (column 3, line 27-29, Levergood discloses that content server initiates the 
authorization routine by redirecting the client's request via URL) "means for transmitting a client 
identifier and unique data" (column 5, line 49-65, an SID provided from the authentication server 
to the client. The SID includes 22-bit user identifier, and other specific data) "and means for 
generating a web page including embedded data" (column 3, line 53-54, a modified URL 
appended with an SID). 

As per claim 52 , Levergood discloses "the system according to claim 51, wherein said 
unique data comprises a session identifier and a random number" (column 5, line 54-65, the 16 
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character ASCII string that encodes 96 bits of SID data. Since it is encoded the data includes a 
randomized number). 

As per claim 53 , Levergood discloses "the system according to claim 51, wherein said 
embedded data comprises a session identifier, a random number and authentication server 
selection information" (column 5, line 22-65, user redirects URL get request at 100 in Fig. 2A 
contains an SID. From line 54 to 64, Levergood discloses that the preferred SID is a sixteen 
character string that encodes 96 bit of SID data. It includes a 32-bit digital signature, a 2-bit key 
identifier, and a 22-bit user identifier etc. The 22-bit user identifier is considered as 
authentication parameters. The 16-bit ASCII string is considered as said unique data, and the 
authorized IP address is considered as session identifier). 

As per claim 54 , Levergood discloses "a method for controlling network access, said 
method comprising:" (column 3, line 8-9, methods of processing service requests from a client to 
a server through a network) "receiving an authentication user input message" (column 6, line 36- 
41, authentication server receives a request from client) "transmitting authentication input page 
requesting authentication information" (column 6, line 44-49, sends a challenge response which 
causes the client browser to prompt the user for credentials) "receiving authentication 
credentials; and transmitting an authentication message indicating one of success and failure of 
an authentication process" (column 6, line 58-66, and column 7, line 1-20, upon receive the 
request, if the user is not cleared for authorization, a page denying access is transmitted to the 
client browser. If the user is qualified, the access of the resource is granted). 

As per claim 55 , Levergood discloses "the method according to claim 54, wherein said 
authentication message comprises a digital signature, a session identifier, authentication 
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parameters and a random number" (column 6, line 5-16, the authentication request get URL 
contains a SID, and User IP. From line column 54 to 64, Levergood teaches that the preferred 
SID is a sixteen character string that encodes 96 bit of SID data. It includes a 32-bit digital 
signature, and a 22-bit user identifier etc. The 22-bit user identifier is considered as 
authentication parameters. User IP is considered as session identifier. Since the SID is encoded 
the data it includes a random number). 

As per claim 56 , Levergood discloses "a system for controlling network access, 
comprising:" (column 3, line 8-9, methods of processing service requests from a client to a 
server through a network) "means for receiving an authentication user input message" (column 6, 
line 36-41, authentication server receives a request from client) "means for transmitting 
authentication input page requesting authentication information" (column 6, line 44-49, sends a 
challenge response which causes the client browser to prompt the user for credentials) "means 
for receiving authentication credentials; and means for transmitting an authentication message 
indicating one of success and failure of an authentication process" (column 6, line 58-66, and 
column 7, line 1-20, upon receive the request, if the user is not cleared for authorization, a page 
denying access is transmitted to the client browser. If the user is qualified, the access of the 
resource is granted). 

As per claim 57 , Levergood discloses "the system according to claim 56, wherein said 
authentication message comprises a digital signature, a session identifier, authentication 
parameters and a random number" (column 6, line 5-16, the authentication request get URL 
contains a SID, and User IP. From line column 54 to 64, Levergood teaches that the preferred 
SID is a sixteen character string that encodes 96 bit of SID data. It includes a 32-bit digital 
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signature, and a 22-bit user identifier etc. The 22-bit user identifier is considered as 
authentication parameters. User IP is considered as session identifier. Since the SID is encoded 
the data it includes a random number). 

Claim Rejections - 35 USC § 103 

10. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

1 1 . Claims 1-13, 34, 36, and 41 are rejected under 35 U.S.C. 1 03(a) as being unpatentable 
over Levergood et al. (US 5708780) (hereinafter Levergood) in view of Stewart et. al. (US 
6732176) (hereinafter Stewart), and further in view of Hinton et al. (WO 02/39237 A2) 
(hereinafter Hinton). 

As per claims 1 , Levergood discloses "a method for controlling access to a network, said 
method comprising:" (column 3, line 8-9, methods of processing service requests from a client to 
a server through a network) "receiving, by an access point (AP) of said network, a request to 
access said network, said request transmitted by a client;" (column 3, line 8-29, with respect to 
this limitation, Levergood discloses that client request is received by the internet server which is 
also called content sever to access controlled files. Examiner considers the internet server is the 
access point of the network) "re-directing, by said AP, said access request to a local server;" 
(column 3, line 27-29, Levergood discloses that content server initiates the authorization routine 
by redirecting the client's request to an authentication server) "transmitting an authentication 
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request to said selected authentication server" (column 3, line 26-29, with respect to this 
limitation, Levergood discloses redirecting the client's request to an authentication server) "and 
receiving a response to said authentication request from said selected authentication server" 
(column 3, line 29-33, Levergood discloses this limitation by the authentication server returns a 
response to qualified client). 

Levergood does not specifically disclose "associating unique data with an identifier of 
said client and storing a mapping of said association in said AP" and "generating a Web page by 
said local server requesting that said client select an authentication server (AS) and including 
said unique data and forwarding said generated Web page to said client". 

However, Stewart discloses "associating unique data with an identifier of said client and 
storing a mapping of said association in said AP" (column 2, line 42-66, access point detect 
identification information, and later discloses to store a list of identification information that 
maps to a corresponding list). 

Levergood and Stewart are analogous art because both applications teach the access 
control to a network or the Internet via wire or wirelessly. 

It would have been obvious to one of ordinary skilled in the art at the time of invention to 
further processing access request of Levergood at an access point or an computing device as 
described in Stewart because it would provide for varying the options to be authenticated to a 
network. 

Furthermore, Hinton discloses "generating a web page by said local server requesting that 
said client select an authentication server (AS) and including said unique data and forwarding 
said generated Web page to said client" (page 23, line 17-34, and page 24, line 1-3, server 
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generates a web page for client to select all the available servers/services (including 
authentication service). Server 404 sends HTTP redirects to the client including introductory 
authentication token. Figure 4A discloses the token includes user ID which considers equal 
meaning with unique data. Figure 3B depicts an exemplary webpage). 

Levergood and Stewart, and Hinton are analogous art because they all attempt to satisfy 
the different authentication needs when come to access a network or the Internet. 

It would have been obvious to one of ordinary skilled in the art at the time of invention to 
generate a web page for user to select the next website that client desire to locate by clicking on 
the link as described by Hinton to facilitate the service providers list that client needs to choose 
that depicts by Levergood in view of Stewart because it would provide to use a web page for 
communication between a client and a server is easier implement in technical point and more 
explicit/user friendly to client to make the select. 

As per claim 2 , Hinton discloses "the method according to claim 1 , wherein said network 
is a wireless Local Area network ( WLAN)" (page 10, line 12-20, the network 101 may include 
permanent connections, such as wire or fiber optic cables, or connections made through wireless 
communications) . 

As per claim 3 , Levergood discloses "the method according to claim 1, further 
comprising: forwarding said identifier of said client from said local server; and generating said 
unique data for said client by said local server" (column 3, line 24-26, the internet server subjects 
the client to an authorization routine prior to issuing the SID. The SID considers as identifier, 
and the protected SID is the unique data of the server). 



Application/Control Number: 10/566,393 Page 1 1 

Art Unit: 4148 

As per claim 4 , Levergood discloses "the method according to claim 1, further 
comprising: retrieving, by said client, a re-directed URL having embedded data including a first 
digital signature, authentication parameters and said unique data and forwarding said re-directed 
URL to said AP" (column 5, line 22-65, user redirects URL get request at 100 in Fig. 2A 
contains an SID. From line 54 to 64, Levergood discloses that the preferred SID is a sixteen 
character string that encodes 96 bit of SID data. It includes a 32-bit digital signature, a 2-bit key 
identifier, and a 22-bit user identifier etc. The 22-bit user identifier is considered as 
authentication parameters. The 16-bit ASCII string is considered as said unique data, and the 
authorized IP address is considered as said identifier. The browser forwards the request to a 
content server 120. As stated above, content server is considered as AP) "creating, by said AP, a 
second digital signature using said authentication parameters, said unique data and said 
identifier; comparing, by said AP, said first digital signature with said second digital signature" 
(column 6, line 5-8, the content server which is considered as AP tagged with SID. From line 54 
to 64, Levergood discloses that the preferred SID is a sixteen character string that encodes 96 bit 
of SID data. It includes a 32-bit digital signature, a 2-bit key identifier, and a 22-bit user 
identifier etc. The 22-bit user identifier is considered as authentication parameters. The 16 
character ASCII string is considered as said unique data, and the authorized IP address is 
considered as said identifier. The browser forwards the request to a content server 120) 
"determining, by said AP, if there is a match between said first digital signature and said second 
digital signature" (column 6, line 8-16, the SID's digital signature is compared against the digital 
signature computed) "and performing, by said AP, one of granting network access and denying 
network access based on said match determination" (column 6, line 17-20, with respect to this 
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limitation, Levergood discloses if the validation passes, the controlled resources will be granted 
to access). 

As per claim 5 , Levergood discloses "the method according to claim 1, wherein said 
unique data includes a session ID and a randomized number" (column 5, line 54-65, the 16 
character ASCII string that encodes 96 bits of SID data. Since it is encoded the data includes a 
randomized number). 

As per claim 6 , Levergood discloses "the method according to claim 1, wherein said 
identifier is an address of said client" (column 5, line 61-65, the authorized IP address is 
considered as said identifier of the user). 

As per claim 7 , Levergood discloses "the method according to claim 1, wherein the act of 
authenticating further comprises: processing, by said AS, said authentication request, wherein 
said authentication request includes a session ID embedded in said authentication request" 
(column 6, line 27-65, client browser automatically sends a GET request to authentication 
server. Levergood discloses the embedded session ID in line 62-63 by such as client IP address 
and password, as well as other information) "responding to said authentication request by 
forwarding to said client by said AS an authentication input page, said authentication input page 
including a request for authentication information" (column 6, line 40-49, with respect to this 
limitation, Levergood discloses authentication server sends a challenge responds which causes 
the client browser to prompt the user for credentials) "and receiving, by said AS, authentication 
credentials from said client, wherein said response to said authentication request forwarded to 
said client includes a re-direct header and a success code and associated information relevant to 
access of said network by said client" (column 6, line 58-67, and column 7, line 1-21, Levergood 
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discloses this limitation by if user is authorized, the authentication server transmits a redirect 
response based on the tagged URL to client browser. An SID for an authorized user is 
appended). 

As per claim 8 , Levergood discloses "the method according to claim 7, wherein the act of 
forwarding further comprises generating, by said AS, said success code and said associated 
information includes a first digital signature and authentication parameters" (column 7, line 14- 
20, an SID for an authorized user is appended. Levergood discloses The SID is sixteen character 
ASCII string and it contains a 32-bit digital signature in column 5, line 54-61 . It is the as same 
as the SID Levergood mentioned in the rejection of claim 4). 

As per claim 9 , Levergood discloses "the method according to claim 5, wherein said 
randomized number is one of a random number and a pseudo-random number" (column 5, line 
54-65, the sixteen character ASCII string that encodes 96 bits of SID data. Since the SID is 
encoded the data it includes a random number or pseudo-random number). 

As per claim 10 , Levergood and Steward disclose "the method according to claim 1, 
wherein said identifier is one of a physical (PHY) address of said client, a MAC address of said 
client and an IP address of said client" (in column 5, line 54-65, Levergood discloses "an IP 
address of said client" by the SID which has the equal meaning of identifier contains a 32-bit 
digital signature, and the digital signature includes the IP address of the user. In column 2, line 
34-39, Stewart discloses "a MAC address of said user" by the identification information may 
take various forms, such as system ID, MAC ID etc). 
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As per claim 11 , Steward discloses "the method according to claim 1 , wherein said AP 
and said local server are co-located" (column 2, line 63-66, the memory medium which may be a 
computer system can be comprised in the access point). 

As per claiml2 , Levergood discloses "the method according to claim 4, wherein said first 
and said second digital signatures are generated using one of a private key of said AS and a 
shared key between said AS and said local server" (column 5, line 61-65, the digital signature is 
a cryptographic hash that encrypted with secret key which is shared by the authentication and 
content servers). 

As per claim 13 , Levergood discloses "the method according to claim 4, wherein said 
second digital signature is locally generated at said AP" (column 6, line 5-13, the first digital 
signature is compared against the second digital signature that computed by content server). 

As per claim 34 , Levergood discloses "the method of claim 1, further comprising: at the 
authentication server, authenticating the client using the unique data, and forwarding said 
response to the client using a re-direct header, and including a digitally signed authentication 
message and authentication parameters corresponding to the unique data (column 7, line 14-20, 
an SID for an authorized user is appended. The authentication server then transmits a redirect 
response to the client browser. Levergood discloses the SID is sixteen characters ASCII string 
and it contains a 32-bit digital signature, a 2-bit expiration date, a 22-bit user identifier and other 
information included in column 5, line 54-61) "and the access point receiving from the client 
according to the re-direct header the digitally signed authentication message and authentication 
parameters" (column 7, line 14-20, content server receiving from the user according to the 
original URL directed header with an SID for the user is appended. Levergood discloses the SID 
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is sixteen characters ASCII string and it contains a 22 -bit user identifier and other information 
included in column 5, line 54-61). 

Stewart discloses "correlating the authentication parameters with the mapped association 
data for determining access to the network" (column 2, line 60-67, and column 3, line 1-6, 
compare the received parameters with the mapped corresponding list to determine the 
appropriate network provider to access). 

AS per claim 36 , Levergood discloses "the method of claim 1 , wherein said unique data 
comprises a session ID and a randomized number and further comprising: receiving, by said AP, 
a re-directed request from the client and including a digitally signed authentication message, an 
authentication parameter list, and said session ID, the digitally signed authentication message 
being generated using the randomized number, said session ID and said authentication parameter 
list, by said selected authentication server associated with the client" (column 5, line 22-65, user 
redirects URL get request at 100 in Fig. 2 A contains an SID to content server. From line 54 to 
64, Levergood discloses that the preferred SID is a sixteen character string that encodes 96 bit of 
SID data. Since it is encoded it is involved in a randomized number. It includes a 32-bit digital 
signature, a 2-bit key identifier, and a 22-bit user identifier etc. The 22-bit user identifier is 
considered as authentication parameters. The URL directed to is the selected authentication 
server to the user). Steward discloses "and correlating the received digitally signed 
authentication message with the re-directed request for access using the stored mapping data for 
controlling access by the client to the network" (column 2, line 49-66, access point receives the 
identification information for using a stored list to map for the controlling network access). 
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As per claim 41 , Steward discloses "the method according to claim 36, wherein said AP 
and said LS are co-located" (column 2, line 63-66, the memory medium which may be a 
computer system can be comprised in the access point). 

As per claim 26 , Levergood discloses "a system for controlling access to a network 
comprising: a client; an access point (AP) coupled to a local server (LS) for relaying network 
communications to and from the client" (column 3, line 7-29, and figure3, the invention related 
to methods of processing service requests from a client to a server through a network, it includes, 
a client, a internet server, and a content server. Content server serves the same function as an 
AP, and internet server servers the same function as a local server) "and an authentication server 
for performing an authentication process in response to a request from the client" (column 3, line 
29-34, an authentication returns a response to interrogate the client and issue certificate to client) 
"the LS transmits the unique data to the client" (column 3, line 26-29, Levergood discloses 
redirecting the client's request to an authentication server, and the server subjects the client to 
client to an authorization routine prior to issuing the SID. The SID considers as identifier, and 
the protected SID is the unique data of the server) "the authentication server, upon authenticating 
the client using the unique data, is operative to provide a re-direct header for access to the client 
including a digitally signed authentication message and authentication parameters corresponding 
to the unique data" (column 7, line 14-20, an SID for an authorized user is appended. The 
authentication server then transmits a redirect response to the client browser. Levergood 
discloses the SID is sixteen characters ASCII string and it contains a 32-bit digital signature, a 2- 
bit expiration date, a 22-bit user identifier and other information included in column 5, line 54- 
61) "the AP receiving the digitally signed retrieved re-directed URL and authentication 
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parameters from the client" (column 7, line 14-20, content server receiving from the user 
according to the original URL directed header with an SID for the user is appended. Levergood 
discloses the SID is sixteen characters ASCII string and it contains a 22-bit user identifier and 
other information included in column 5, line 54-61). 

Levergood does not specifically disclose "wherein the AP, in response to a re-directed 
request to access the network from the client, associates unique data with an identifier of the 
client and stores a mapping of the association" and "the AP further correlating the authentication 
parameters with the mapped association data for determining access to the network based on the 
results of the correlation". 

However, Stewart discloses "wherein the AP, in response to a re-directed request to 
access the network from the client, associates unique data with an identifier of the client and 
stores a mapping of the association" (column 2, line 42-66, access point detect identification 
information, and later discloses to store a list of identification information that maps to a 
corresponding list) "and the AP further correlating the authentication parameters with the 
mapped association data for determining access to the network based on the results of the 
correlation" (column 2, line 60-67, and column 3, line 1-6, compare the received parameters with 
the mapped corresponding list to determine the appropriate network provider to access). 

Levergood and Stewart are analogous art because both applications teach the access 
control to a network or the Internet via wire or wirelessly. 

It would have been obvious to one of ordinary skilled in the art at the time of invention to 
further processing access request of Levergood at an access point or an computing device as 
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described in Stewart because it would provide for varying the options to be authenticated to a 
network. 

Furthermore, Hinton discloses "the system of claim 25, wherein the network is a wireless 
local area network (WLAN) comprising the access point and local server" (page 10, line 12-20, 
the network 101 may include permanent connections, such as wire or fiber optic cables, or 
connections made through wireless communications). Levergood discloses "comprising the 
access point and local server" (column 3, line 7-29, the invention includes, a client, an internet 
server, and a content server. Content server serves the same function as an AP, and internet 
server servers the same function as a local server). 

Levergood and Stewart, and Hinton are analogous art because they all attempt to satisfy 
the different authentication needs when come to access a network or the Internet. 

It would have been obvious to one of ordinary skilled in the art at the time of invention to 
generate a web page for user to select the next website that client desire to locate by clicking on 
the link as described by Hinton to facilitate the service providers list that client needs to choose 
that depicts by Levergood in view of Stewart because it would provide to use a web page for 
communication between a client and a server is easier implement in technical point and more 
explicit/user friendly to client to make the select. 

As per claim 33 , Steward discloses "the system of claim 26, wherein said AP and said LS 
are co-located" (column 2, line 63-66, the memory medium which may be a computer system 
can be comprised in the access point). 
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12. Claims 25, 27-32, and 42-47 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Levergood et al. (US 5708780) (hereinafter Levergood) in view of Stewart et. al. (US 
6732176) (hereinafter Stewart). 

As per claim 25 , Levergood discloses "a system for controlling access to a network 
comprising: a client; an access point (AP) coupled to a local server (LS) for relaying network 
communications to and from the client" (column 3, line 7-29, and figure3, the invention related 
to methods of processing service requests from a client to a server through a network, it includes, 
a client, a internet server, and a content server. Content server serves the same function as an 
AP, and internet server servers the same function as a local server) "and an authentication server 
for performing an authentication process in response to a request from the client" (column 3, line 
29-34, an authentication returns a response to interrogate the client and issue certificate to client) 
"the LS transmits the unique data to the client" (column 3, line 26-29, Levergood discloses 
redirecting the client's request to an authentication server, and the server subjects the client to 
client to an authorization routine prior to issuing the SID. The SID considers as identifier, and 
the protected SID is the unique data of the server) "the authentication server, upon authenticating 
the client using the unique data, is operative to provide a re-direct header for access to the client 
including a digitally signed authentication message and authentication parameters corresponding 
to the unique data" (column 7, line 14-20, an SID for an authorized user is appended. The 
authentication server then transmits a redirect response to the client browser. Levergood 
discloses the SID is sixteen characters ASCII string and it contains a 32-bit digital signature, a 2- 
bit expiration date, a 22-bit user identifier and other information included in column 5, line 54- 
61) "the AP receiving the digitally signed retrieved re-directed URL and authentication 
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parameters from the client" (column 7, line 14-20, content server receiving from the user 
according to the original URL directed header with an SID for the user is appended. Levergood 
discloses the SID is sixteen characters ASCII string and it contains a 22-bit user identifier and 
other information included in column 5, line 54-61). 

Levergood does not specifically disclose "wherein the AP, in response to a re-directed 
request to access the network from the client, associates unique data with an identifier of the 
client and stores a mapping of the association" and "the AP further correlating the authentication 
parameters with the mapped association data for determining access to the network based on the 
results of the correlation". 

However, Stewart discloses "wherein the AP, in response to a re-directed request to 
access the network from the client, associates unique data with an identifier of the client and 
stores a mapping of the association" (column 2, line 42-66, access point detect identification 
information, and later discloses to store a list of identification information that maps to a 
corresponding list) "and the AP further correlating the authentication parameters with the 
mapped association data for determining access to the network based on the results of the 
correlation" (column 2, line 60-67, and column 3, line 1-6, compare the received parameters with 
the mapped corresponding list to determine the appropriate network provider to access). 

Levergood and Stewart are analogous art because both applications teach the access 
control to a network or the Internet via wire or wirelessly. 

It would have been obvious to one of ordinary skilled in the art at the time of invention to 
further processing access request of Levergood at an access point or an computing device as 
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described in Stewart because it would provide for varying the options to be authenticated to a 
network. 

As per claim 27 , Levergood discloses "the system of claim 25, wherein the local server 
generates a web page requesting that the client select an authentication server, and embeds the 
unique data in the web page for transmission to the client" (column 3, line 24-26, the internet 
server subjects the client to an authorization routine prior to issuing the SID. The SID considers 
as identifier, and the protected SID is the unique data of the server). 

As per claim 28 , Levergood and Steward disclose "the system of claim 25, wherein the 
identifier of the client is one of a physical address, MAC address and an IP address" (in column 
5, line 54-65, Levergood discloses "an IP address of said client" by the SID which has the equal 
meaning of identifier contains a 32-bit digital signature, and the digital signature includes the IP 
address of the user. In column 2, line 34-39, Stewart discloses "a MAC address of said user" by 
the identification information may take various forms, such as system ID, MAC ID etc.). 
Levergood discloses "and wherein the unique data comprises a session ID and a randomized 
number" (column 5, line 54-65, the 16 character ASCII string that encodes 96 bits of SID data. 
Since it is encoded the data includes a randomized number). 

As per claim 29 , Levergood discloses "the system of claim 28, wherein the session ID 
and randomized number are generated by the local server" (column 3, line 24-26, the internet 
server subjects the client to an authorization routine prior to issuing the SID. The SID considers 
as identifier, and the protected SID is the unique data of the server. According to column 5, line 
54-65, the SID is a sixteen character ASCII string that encodes 96 bits of SID data. Since the 
SID is encoded the data includes a random number). 
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As per claim 30 , Levergood discloses "the system of claim 28, wherein the 
authentication server receives user credential information from the client and provides a digitally 
signed authentication message including an authentication parameters using said unique data 
through HTTPS to the client via said re-direct header to the client" (column 6, line 42-49 and 
column 7, line 14-19, authentication server send challenge response and receives user credential, 
and issue an appropriate SID. It includes digitally signed authentication message for authorize 
user, and redirect response on the tagged URL to client browser). 

As per claim 31 , Levergood and Stewart disclose "the system of claim 30, wherein the 
AP, in response to receiving the digitally signed authentication message re-directed from the 
client including the authentication parameters and at least a portion of the unique data from the 
client" (column 7, line 14-20, Levergood discloses that content server receiving from the user 
according to the original URL directed header with an SID for the user is appended. Levergood 
discloses the SID is sixteen characters ASCII string and it contains a 22-bit user identifier and 
other information included in column 5, line 54-61) "generates a local digital signature using the 
received portion of the unique data and compares the local digital signature with the digitally 
signed authentication message to determine network access by the client" (column 6, line 8-16, 
with respect to this limitation, Levergood discloses that the SID's digital signature is compared 
against the digital signature computed from the remaining item of the SID. If the validation 
passes, the access is authorized) "and the stored mapping data together with the authentication 
parameters" (column 2, line 60-63, Stewart discloses stores a list of identification information 
that maps to a corresponding list). 
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As per claim 32 , Levergood discloses "the system of claim 25, wherein the re-direct 
header further comprises a means for re-directing a browser of the client to a URL on the 
network, and embedding in the URL said digitally signed authentication message, the 
authentication parameters and a portion of the unique data (column 5, line 22-65, user redirects 
URL get request at 100 in Fig. 2A contains an SID. From line 54 to 64, Levergood discloses that 
the preferred SID is a sixteen character string that encodes 96 bit of SID data. It includes a 32-bit 
digital signature, a 2-bit key identifier, and a 22-bit user identifier etc. The 22-bit user identifier 
is considered as authentication parameters. The 16-bit ASCII string is considered as said unique 
data, and the authorized IP address is considered as said identifier. The browser forwards the 
request to a content server 120. As stated above, content server is considered as AP.). 

As per claim 42 , Levergood discloses "a method for controlling network access, said 
method comprising:" (column 3, line 8-9, methods of processing service requests from a client to 
a server through a network) "receiving a request for network access" (column 3, line 21-29, a 
client request of access a network is made) "re-directing said request via a message" (column 3, 
line 27-29, Levergood discloses that content server initiates the authorization routine by 
redirecting the client's request via URL) "receiving a client identifier and unique data" (column 
3, line 43-47, receives a URL request accompanied by an SID. The SID includes client identifier 
and unique data) "receiving a re-directed universal resource locator included embedded 
information (column 3, line 43-47, receives a URL request accompanied by an SID) "generating 
a local digital signature using said embedded information and said association between said 
unique data and said client identifier" (column 5, line 54 to 64, Levergood discloses that the 
preferred SID includes a 32-bit digital signature that has a 16-bit expiration date, a 2-bit key 
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identifier, and a 22-bit user identifier etc. Therefore, the digital signature using the embedded 
information of unique data and 22 -bit user identifier) "comparing said local digital signature 
with a digital signature received in said embedded information" (column 6, line 8-16, the 
received SID's digital signature is compared against the digital signature computed locally); 
granting network access if said local digital signature matches said digital signature received in 
said embedded information; and deny network access if said local digital signature does not 
match said digital signature received in said embedded information" (column 6, line 17-20, with 
respect to this limitation, Levergood discloses if the validation passes, the controlled resources 
will be granted to access. In other words, if the validation docs not pass, the controlled resources 
will not be granted to access). 

Levergood does not specifically disclose "associating said unique data and said client 
identifier". 

However, Steward discloses "associating said unique data and said client identifier" 
(column 2, line 42-66, access point detect identification information, and later discloses to store a 
list of identification information that maps to a corresponding list). 

Levergood and Stewart are analogous art because both applications teach the access 
control to a network or the Internet via wire or wirelessly. 

It would have been obvious to one of ordinary skilled in the art at the time of invention to 
further processing access request of Levergood at an access point or an computing device as 
described in Stewart because it would provide for varying the options to be authenticated to a 
network. 
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As per claim 43 , Levergood discloses "the method according to claim 42, wherein said 
unique data comprises a session identifier and a random number" (column 5, line 54-65, the 16 
character ASCII string that encodes 96 bits of SID data. Since it is encoded the data includes a 
randomized number). 

As per claim 44 , Levergood discloses "the method according to claim 42, wherein said 
embedded information further comprises a session identifier and authentication parameters" 
(column 5, line 22-65, user redirects URL get request at 100 in Fig. 2A contains an SID. From 
line 54 to 64, Levergood discloses that the preferred SID is a sixteen character string that 
encodes 96 bit of SID data. It includes a 32-bit digital signature, a 2-bit key identifier, and a 22- 
bit user identifier etc. The 22-bit user identifier is considered as authentication parameters. The 
16-bit ASCII string is considered as said unique data, and the authorized IP address is considered 
as session identifier). 

As per claim 45 , Levergood discloses "a system for controlling network access, 
comprising:" (column 3, line 8-9, methods of processing service requests from a client to a 
server through a network) "means for receiving a request for network access" (column 3, line 
21-29, a client request of access a network is made) "means for re-directing said request via a 
message" (column 3, line 27-29, Levergood discloses that content server initiates the 
authorization routine by redirecting the client's request via URL) "means for receiving a client 
identifier and unique data" (column 3, line 43-47, receives a URL request accompanied by an 
SID. The SID includes client identifier and unique data) "means for receiving a re-directed 
universal resource locator included embedded information (column 3, line 43-47, receives a URL 
request accompanied by an SID) "means for generating a local digital signature using said 
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embedded information and said association between said unique data and said client identifier" 
(column 5, line 54 to 64, Levergood discloses that the preferred SID includes a 32-bit digital 
signature that has a 16-bit expiration date, a 2-bit key identifier, and a 22-bit user identifier etc. 
Therefore, the digital signature using the embedded information of unique data and 22 -bit user 
identifier) "means for comparing said local digital signature with a digital signature received in 
said embedded information" (column 6, line 8-16, the received SID's digital signature is 
compared against the digital signature computed locally); "means for granting network access if 
said local digital signature matches said digital signature received in said embedded information; 
and means for deny network access if said local digital signature does not match said digital 
signature received in said embedded information" (column 6, line 17-20, with respect to this 
limitation, Levergood discloses if the validation passes, the controlled resources will be granted 
to access. In other words, if the validation does not pass, the controlled resources will not be 
granted to access). 

Levergood does not specifically disclose "means for associating said unique data and said 
client identifier". 

However, Steward discloses "means for associating said unique data and said client 
identifier" (column 2, line 42-66, access point detect identification information, and later 
discloses to store a list of identification information that maps to a corresponding list). 

Levergood and Stewart are analogous art because both applications teach the access 
control to a network or the Internet via wire or wirelessly. 

It would have been obvious to one of ordinary skilled in the art at the time of invention to 
further processing access request of Levergood at an access point or an computing device as 
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described in Stewart because it would provide for varying the options to be authenticated to a 
network. 

As per claim 46 , Levergood discloses "the system according to claim 45, wherein said 
unique data comprises a session identifier and a random number" (column 5, line 54-65, the 16 
character ASCII string that encodes 96 bits of SID data. Since it is encoded the data includes a 
randomized number). 

As per claim 47 , Levergood discloses "the system according to claim 45, wherein said 
embedded information further comprises a session identifier and authentication parameters" 
(column 5, line 22-65, user redirects URL get request at 100 in Fig. 2A contains an SID. From 
line 54 to 64, Levergood discloses that the preferred SID is a sixteen character string that 
encodes 96 bit of SID data. It includes a 32-bit digital signature, a 2-bit key identifier, and a 22- 
bit user identifier etc. The 22-bit user identifier is considered as authentication parameters. The 
16-bit ASCII string is considered as said unique data, and the authorized IP address is considered 
as session identifier). 

Conclusion 

13. The following prior art made of record and not relied upon is cited to establish the level 
of skill in the applicant's art and those arts considered reasonably pertinent to applicant's 
disclosure. See MPEP 707.05(c). 

14. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to JING SIMS whose telephone number is (571)270-73 15. The 
examiner can normally be reached on 7:30am-5:00pm EST, Mon-Thu. 
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If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Thomas Pham can be reached on (572)272-3689. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 
like assistance from a USPTO Customer Service Representative or access to the automated 
information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 
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